With the advent of electronic-commerce-transaction systems, including automatic teller machines (“ATM”), Internet commerce, automated telephone transaction systems, and other electronic-commerce systems, the need for authenticating remote users by commercial enterprises that conduct transactions with remote users has become a central and continuing problem for commercial entities, including banks, sellers of products and services through the Internet, and other commercial entities. More recently, the need for authentication has become an increasingly vexatious and important problem for users, as well, as users seek to protect themselves from Internet fraud, banking fraud, identity theft, and other types of fraud. Many users are woefully unprepared to understand and assemble complex technologies currently available to secure electronic transactions, and, to users' disappointment, many of these currently available technologies are insufficient to protect users from fraudulent activities of thousands of determined and technology-savvy fraud artists. Although a large number of authentication protocols and strategies have been devised, soon after the advent of each new authentication protocol or strategy, new problems tend to quickly arise. Many current authentication services are based on password or other secret-information schemes, in which a user, during the course of an electronic transaction, provides a remote commercial entity or other remote entity with a password or other secret information to verify the user's identity. In certain stronger authentication systems, such as ATM systems, the user supplies both a password, or PIN number, as well as an ATM card with encoded information. As is obvious from the many news reports of increasing levels of fraud and illegal activities involving electronic transactions, both weak password-based and stronger two-phase authentication schemes are decidedly less than secure. A lost ATM card, loss of user information to various electronic eavesdropping devices, and other such events can quickly spell disaster for a user. Commercial entities, Internet service providers, users of commercial services provided through electronic media, and other parties and vendors involved in electronic transactions have all recognized the need for more reliable authentication of users of electronic-transaction services.